<!DOCTYPE html><html lang="en" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0"><title>Https RSA 握手解析 | 戴涛的宝藏</title><meta name="author" content="戴涛"><meta name="copyright" content="戴涛"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta name="description" content="HTTPS RSA 握手解析为什么要使用HTTPS协议http是明文传输的，在传输过程中会有几大风险：  窃听风险，可能会被盗号 篡改风险，对目标网站植入垃圾广告 冒充风险，可能会有一个假的网站  使用TLS协议可以解决HTPP的风险，通过：  信息加密 校验机制 身份证书  TLS协议四次握手如图所示： 接下来，我们就以最简单的 RSA 密钥交换算法，来看看它的 TLS 握手过程。 RSA 握手">
<meta property="og:type" content="article">
<meta property="og:title" content="Https RSA 握手解析">
<meta property="og:url" content="https://declan1.gitee.io/2023/03/15/Https-RSA-%E6%8F%A1%E6%89%8B%E8%A7%A3%E6%9E%90/index.html">
<meta property="og:site_name" content="戴涛的宝藏">
<meta property="og:description" content="HTTPS RSA 握手解析为什么要使用HTTPS协议http是明文传输的，在传输过程中会有几大风险：  窃听风险，可能会被盗号 篡改风险，对目标网站植入垃圾广告 冒充风险，可能会有一个假的网站  使用TLS协议可以解决HTPP的风险，通过：  信息加密 校验机制 身份证书  TLS协议四次握手如图所示： 接下来，我们就以最简单的 RSA 密钥交换算法，来看看它的 TLS 握手过程。 RSA 握手">
<meta property="og:locale" content="en_US">
<meta property="og:image" content="https://img.lovetao.top/img/202303152100335.jpg">
<meta property="article:published_time" content="2023-03-15T12:01:00.000Z">
<meta property="article:modified_time" content="2023-03-15T12:43:09.904Z">
<meta property="article:author" content="戴涛">
<meta property="article:tag" content="计算机网络">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://img.lovetao.top/img/202303152100335.jpg"><link rel="shortcut icon" href="/img/favicon.png"><link rel="canonical" href="https://declan1.gitee.io/2023/03/15/Https-RSA-%E6%8F%A1%E6%89%8B%E8%A7%A3%E6%9E%90/index.html"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css" media="print" onload="this.media='all'"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.min.css" media="print" onload="this.media='all'"><script>const GLOBAL_CONFIG = { 
  root: '/',
  algolia: undefined,
  localSearch: undefined,
  translate: undefined,
  noticeOutdate: undefined,
  highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
  copy: {
    success: 'Copy successfully',
    error: 'Copy error',
    noSupport: 'The browser does not support'
  },
  relativeDate: {
    homepage: false,
    post: false
  },
  runtime: '',
  date_suffix: {
    just: 'Just',
    min: 'minutes ago',
    hour: 'hours ago',
    day: 'days ago',
    month: 'months ago'
  },
  copyright: undefined,
  lightbox: 'fancybox',
  Snackbar: undefined,
  source: {
    justifiedGallery: {
      js: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery/dist/fjGallery.min.js',
      css: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery/dist/fjGallery.min.css'
    }
  },
  isPhotoFigcaption: false,
  islazyload: false,
  isAnchor: false,
  percent: {
    toc: true,
    rightside: false,
  }
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
  title: 'Https RSA 握手解析',
  isPost: true,
  isHome: false,
  isHighlightShrink: false,
  isToc: true,
  postUpdate: '2023-03-15 20:43:09'
}</script><noscript><style type="text/css">
  #nav {
    opacity: 1
  }
  .justified-gallery img {
    opacity: 1
  }

  #recent-posts time,
  #post-meta time {
    display: inline !important
  }
</style></noscript><script>(win=>{
    win.saveToLocal = {
      set: function setWithExpiry(key, value, ttl) {
        if (ttl === 0) return
        const now = new Date()
        const expiryDay = ttl * 86400000
        const item = {
          value: value,
          expiry: now.getTime() + expiryDay,
        }
        localStorage.setItem(key, JSON.stringify(item))
      },

      get: function getWithExpiry(key) {
        const itemStr = localStorage.getItem(key)

        if (!itemStr) {
          return undefined
        }
        const item = JSON.parse(itemStr)
        const now = new Date()

        if (now.getTime() > item.expiry) {
          localStorage.removeItem(key)
          return undefined
        }
        return item.value
      }
    }
  
    win.getScript = url => new Promise((resolve, reject) => {
      const script = document.createElement('script')
      script.src = url
      script.async = true
      script.onerror = reject
      script.onload = script.onreadystatechange = function() {
        const loadState = this.readyState
        if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
        script.onload = script.onreadystatechange = null
        resolve()
      }
      document.head.appendChild(script)
    })
  
    win.getCSS = (url,id = false) => new Promise((resolve, reject) => {
      const link = document.createElement('link')
      link.rel = 'stylesheet'
      link.href = url
      if (id) link.id = id
      link.onerror = reject
      link.onload = link.onreadystatechange = function() {
        const loadState = this.readyState
        if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
        link.onload = link.onreadystatechange = null
        resolve()
      }
      document.head.appendChild(link)
    })
  
      win.activateDarkMode = function () {
        document.documentElement.setAttribute('data-theme', 'dark')
        if (document.querySelector('meta[name="theme-color"]') !== null) {
          document.querySelector('meta[name="theme-color"]').setAttribute('content', '#0d0d0d')
        }
      }
      win.activateLightMode = function () {
        document.documentElement.setAttribute('data-theme', 'light')
        if (document.querySelector('meta[name="theme-color"]') !== null) {
          document.querySelector('meta[name="theme-color"]').setAttribute('content', '#ffffff')
        }
      }
      const t = saveToLocal.get('theme')
    
          if (t === 'dark') activateDarkMode()
          else if (t === 'light') activateLightMode()
        
      const asideStatus = saveToLocal.get('aside-status')
      if (asideStatus !== undefined) {
        if (asideStatus === 'hide') {
          document.documentElement.classList.add('hide-aside')
        } else {
          document.documentElement.classList.remove('hide-aside')
        }
      }
    
    const detectApple = () => {
      if(/iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)){
        document.documentElement.classList.add('apple')
      }
    }
    detectApple()
    })(window)</script><meta name="generator" content="Hexo 6.3.0"></head><body><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="https://img.lovetao.top/img/202303152100335.jpg" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="sidebar-site-data site-data is-center"><a href="/archives/"><div class="headline">Articles</div><div class="length-num">61</div></a><a href="/tags/"><div class="headline">Tags</div><div class="length-num">9</div></a><a href="/categories/"><div class="headline">Categories</div><div class="length-num">9</div></a></div><hr/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 主页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/messageboard/"><i class="fa-fw fas fa-tags"></i><span> 留言板</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 链接</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div></div></div><div class="post" id="body-wrap"><header class="post-bg" id="page-header" style="background-image: url('https://img.lovetao.top/img/202303152113310.jpg')"><nav id="nav"><span id="blog-info"><a href="/" title="戴涛的宝藏"><span class="site-name">戴涛的宝藏</span></a></span><div id="menus"><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 主页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/messageboard/"><i class="fa-fw fas fa-tags"></i><span> 留言板</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 链接</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div><div id="toggle-menu"><a class="site-page" href="javascript:void(0);"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="post-info"><h1 class="post-title">Https RSA 握手解析</h1><div id="post-meta"><div class="meta-firstline"><span class="post-meta-date"><i class="far fa-calendar-alt fa-fw post-meta-icon"></i><span class="post-meta-label">Created</span><time class="post-meta-date-created" datetime="2023-03-15T12:01:00.000Z" title="Created 2023-03-15 20:01:00">2023-03-15</time><span class="post-meta-separator">|</span><i class="fas fa-history fa-fw post-meta-icon"></i><span class="post-meta-label">Updated</span><time class="post-meta-date-updated" datetime="2023-03-15T12:43:09.904Z" title="Updated 2023-03-15 20:43:09">2023-03-15</time></span><span class="post-meta-categories"><span class="post-meta-separator">|</span><i class="fas fa-inbox fa-fw post-meta-icon"></i><a class="post-meta-categories" href="/categories/%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%BD%91%E7%BB%9C/">计算机网络</a></span></div><div class="meta-secondline"><span class="post-meta-separator">|</span><span class="post-meta-pv-cv" id="" data-flag-title="Https RSA 握手解析"><i class="far fa-eye fa-fw post-meta-icon"></i><span class="post-meta-label">Post View:</span><span id="busuanzi_value_page_pv"><i class="fa-solid fa-spinner fa-spin"></i></span></span></div></div></div></header><main class="layout" id="content-inner"><div id="post"><article class="post-content" id="article-container"><h2 id="HTTPS-RSA-握手解析"><a href="#HTTPS-RSA-握手解析" class="headerlink" title="HTTPS RSA 握手解析"></a>HTTPS RSA 握手解析</h2><h3 id="为什么要使用HTTPS协议"><a href="#为什么要使用HTTPS协议" class="headerlink" title="为什么要使用HTTPS协议"></a>为什么要使用HTTPS协议</h3><p>http是明文传输的，在传输过程中会有几大风险：</p>
<ul>
<li>窃听风险，可能会被盗号</li>
<li>篡改风险，对目标网站植入垃圾广告</li>
<li>冒充风险，可能会有一个假的网站</li>
</ul>
<p>使用TLS协议可以解决HTPP的风险，通过：</p>
<ul>
<li>信息加密</li>
<li>校验机制</li>
<li>身份证书</li>
</ul>
<p>TLS协议四次握手如图所示：<br><img src="http://jxau7124.oss-cn-shenzhen.aliyuncs.com/images/20230315_2040134490.png" alt="image.png"></p>
<p>接下来，我们就以最简单的 RSA 密钥交换算法，来看看它的 TLS 握手过程。</p>
<h3 id="RSA-握手过程"><a href="#RSA-握手过程" class="headerlink" title="RSA 握手过程"></a>RSA 握手过程</h3><p> TLS 证书部署服务端时，证书文件其实就是服务端的公钥，会在 TLS 握手阶段传递给客户端，而服务端的私钥则一直留在<strong>服务端</strong>，一定要确保私钥不能被窃取。</p>
<h4 id="TLS-第一次握手"><a href="#TLS-第一次握手" class="headerlink" title="TLS 第一次握手"></a>TLS 第一次握手</h4><p>客户端首先会发一个「<strong>Client Hello</strong>」消息，消息里面包括了客户端使用的TLS版本号、支持的密码套件列表，以及生成的随机数，这个随机数会被服务端保留，它是生成对称加密密钥的材料之一。</p>
<h4 id=""><a href="#" class="headerlink" title=""></a></h4><p>TLS 第二次握手<br>当服务端收到客户端的消息后，会先确认TLS版本号是否支持，在从密码套件中选择一个密码套件，以及生成随机数。<br>然后，服务端为了证明自己的身份，会发送「<strong>Server Certificate</strong>」给客户端，这个消息里含有数字证书。<br>随后，服务端发了「<strong>Server Hello Done</strong>」消息，目的是告诉客户端，我已经把该给你的东西都给你了，本次打招呼完毕。</p>
<h5 id="随机数有啥用"><a href="#随机数有啥用" class="headerlink" title="随机数有啥用"></a>随机数有啥用</h5><p>就前面这两个客户端和服务端相互「打招呼」的过程，客户端和服务端就已确认了 TLS 版本和使用的密码套件，而且你可能发现客户端和服务端都会各自生成一个随机数，并且还会把随机数传递给对方。<br>那这个随机数有啥用呢？其实这两个随机数是后续作为生成「会话密钥」的条件，所谓的会话密钥就是数据传输时，所使用的对称加密密钥。</p>
<h4 id="TLS-第三次握手"><a href="#TLS-第三次握手" class="headerlink" title="TLS 第三次握手"></a>TLS 第三次握手</h4><p>第三次握手：</p>
<ul>
<li>验证证书</li>
<li>生成随机数，并发送给服务端</li>
<li>根据已经得到的三个随机数生成密钥</li>
<li>告诉服务端开始用加密方式发送消息</li>
<li>把之前所有发送的数据做个摘要，再用会话密钥加密一下，让服务器做验证，验证加密通信是否可用。</li>
</ul>
<h5 id="客户端验证证书"><a href="#客户端验证证书" class="headerlink" title="客户端验证证书"></a>客户端验证证书</h5><p>一个数字证书中有如下信息：</p>
<ul>
<li>公钥；</li>
<li>持有者信息；</li>
<li>证书认证机构（CA）的信息；</li>
<li>CA 对这份文件的数字签名及使用的算法；</li>
<li>证书有效期；</li>
<li>还有一些其他额外信息；</li>
</ul>
<blockquote>
<p>数字证书的作用，是用来认证公钥持有者的身份，以防止第三方进行冒充。</p>
</blockquote>
<h5 id="数字证书签发和验证流程"><a href="#数字证书签发和验证流程" class="headerlink" title="数字证书签发和验证流程"></a>数字证书签发和验证流程</h5><p>签发：</p>
<ul>
<li>CA把持有者的公钥、用途、颁发者、有效时间等信息打成一个包，然后对这些信息进行Hash计算，得到Hash值h1</li>
<li>CA用自己的私钥把h1进行加密生成签名</li>
<li>最后将签名添加在文件证书上，形成数字证书</li>
</ul>
<p>验证（客户端完成）：</p>
<ul>
<li>客户端用同样的Hash算法把信息加密成h2</li>
<li>然后用证书上的公钥解密证书上的签名，得到h1</li>
<li>接着比较h1和h2是否相同，如果值相同，则为可信赖的证书，否则则认为证书不可信</li>
</ul>
<p><img src="http://jxau7124.oss-cn-shenzhen.aliyuncs.com/images/20230315_2040147691.png" alt="image.png"></p>
<ul>
<li>完成验证后，客户端就会生成一个新的随机数 (pre-master)，用服务器的 RSA 公钥加密该随机数，通过「Client Key Exchange」消息传给服务端。</li>
<li>服务端收到后，用 RSA 私钥解密，得到客户端发来的随机数 。</li>
<li>至此，客户端和服务端双方都共享了三个随机数，分别是 Client Random、Server Random、pre-master。于是，<strong>双方</strong>根据已经得到的三个随机数，生成会话密钥（Master Secret），它是对称密钥，用于对后续的 HTTP 请求&#x2F;响应的数据加解密。</li>
<li>生成完「会话密钥」后，然后客户端发一个「Change Cipher Spec」，告诉服务端开始使用加密方式发送消息。</li>
<li>然后，客户端再发一个「Encrypted Handshake Message（Finishd）」消息，把之前所有发送的数据做个摘要，再用会话密钥加密一下，让服务器做个验证，验证加密通信是否可用。</li>
</ul>
<h4 id="TLS-第四次握手"><a href="#TLS-第四次握手" class="headerlink" title="TLS 第四次握手"></a>TLS 第四次握手</h4><p>服务器也是同样的操作，发「Change Cipher Spec」（用加密方式发送消息）和「Encrypted Handshake Message」消息，如果双方都验证加密和解密没问题，那么握手正式完成。</p>
<h3 id="RSA-算法的缺陷"><a href="#RSA-算法的缺陷" class="headerlink" title="RSA 算法的缺陷"></a>RSA 算法的缺陷</h3><p><strong>使用 RSA 密钥协商算法的最大问题是不支持前向保密</strong>。<br>因为客户端传递随机数（用于生成对称加密密钥的条件之一）给服务端时使用的是公钥加密的，服务端收到后，会用私钥解密得到随机数。所以一旦服务端的私钥泄漏了，过去被第三方截获的所有 TLS 通讯密文都会被破解。</p>
<h2 id="HTTPS如何优化"><a href="#HTTPS如何优化" class="headerlink" title="HTTPS如何优化"></a>HTTPS如何优化</h2><p><img src="http://jxau7124.oss-cn-shenzhen.aliyuncs.com/images/20230315_2040154025.png" alt="image.png"></p>
</article><div class="post-copyright"><div class="post-copyright__author"><span class="post-copyright-meta">Author: </span><span class="post-copyright-info"><a href="https://declan1.gitee.io">戴涛</a></span></div><div class="post-copyright__type"><span class="post-copyright-meta">Link: </span><span class="post-copyright-info"><a href="https://declan1.gitee.io/2023/03/15/Https-RSA-%E6%8F%A1%E6%89%8B%E8%A7%A3%E6%9E%90/">https://declan1.gitee.io/2023/03/15/Https-RSA-%E6%8F%A1%E6%89%8B%E8%A7%A3%E6%9E%90/</a></span></div><div class="post-copyright__notice"><span class="post-copyright-meta">Copyright Notice: </span><span class="post-copyright-info">All articles in this blog are licensed under <a target="_blank" rel="noopener" href="https://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA 4.0</a> unless stating additionally.</span></div></div><div class="tag_share"><div class="post-meta__tag-list"><a class="post-meta__tags" href="/tags/%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%BD%91%E7%BB%9C/">计算机网络</a></div><div class="post_share"><div class="social-share" data-image="https://img.lovetao.top/img/202303152100335.jpg" data-sites="facebook,twitter,wechat,weibo,qq"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/butterfly-extsrc/sharejs/dist/css/share.min.css" media="print" onload="this.media='all'"><script src="https://cdn.jsdelivr.net/npm/butterfly-extsrc/sharejs/dist/js/social-share.min.js" defer></script></div></div><nav class="pagination-post" id="pagination"><div class="prev-post pull-left"><a href="/2023/03/15/Http-2%E7%89%9B%E9%80%BC%E5%9C%A8%E5%93%AA/" title="Http/2牛逼在哪"><div class="cover" style="background: var(--default-bg-color)"></div><div class="pagination-info"><div class="label">Previous Post</div><div class="prev_info">Http/2牛逼在哪</div></div></a></div><div class="next-post pull-right"><a href="/2023/03/15/Http1-1-%E5%A6%82%E4%BD%95%E4%BC%98%E5%8C%96/" title="Http1.1 如何优化"><div class="cover" style="background: var(--default-bg-color)"></div><div class="pagination-info"><div class="label">Next Post</div><div class="next_info">Http1.1 如何优化</div></div></a></div></nav><div class="relatedPosts"><div class="headline"><i class="fas fa-thumbs-up fa-fw"></i><span>Related Articles</span></div><div class="relatedPosts-list"><div><a href="/2023/03/20/GET-%E5%92%8C-POST-%E7%9A%84%E5%8C%BA%E5%88%AB/" title="GET 和 POST 的区别"><div class="cover" style="background: var(--default-bg-color)"></div><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2023-03-20</div><div class="title">GET 和 POST 的区别</div></div></a></div><div><a href="/2023/03/15/GET%20%E5%92%8C%20POST%20%E6%9C%89%E4%BB%80%E4%B9%88%E5%8C%BA%E5%88%AB%EF%BC%9F/" title="GET 和 POST 有什么区别？"><div class="cover" style="background: var(--default-bg-color)"></div><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2023-03-15</div><div class="title">GET 和 POST 有什么区别？</div></div></a></div><div><a href="/2023/03/22/HTTP-1-1/" title="HTTP&#x2F;1.1"><div class="cover" style="background: var(--default-bg-color)"></div><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2023-03-22</div><div class="title">HTTP&#x2F;1.1</div></div></a></div><div><a href="/2023/03/21/HTTP-TCP-Socket%E4%B9%8B%E9%97%B4%E7%9A%84%E5%85%B3%E7%B3%BB/" title="HTTP , TCP ,Socket之间的关系"><div class="cover" style="background: var(--default-bg-color)"></div><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2023-03-21</div><div class="title">HTTP , TCP ,Socket之间的关系</div></div></a></div><div><a href="/2023/03/28/HTTP-1-1%E3%80%81HTTP-2%E3%80%81HTTP-3-%E6%BC%94%E5%8F%98/" title="HTTP&#x2F;1.1、HTTP&#x2F;2、HTTP&#x2F;3 演变"><div class="cover" style="background: var(--default-bg-color)"></div><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2023-03-28</div><div class="title">HTTP&#x2F;1.1、HTTP&#x2F;2、HTTP&#x2F;3 演变</div></div></a></div><div><a href="/2023/03/21/HTTP-%E7%8A%B6%E6%80%81%E7%A0%81/" title="HTTP 状态码"><div class="cover" style="background: var(--default-bg-color)"></div><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2023-03-21</div><div class="title">HTTP 状态码</div></div></a></div></div></div><hr/><div id="post-comment"><div class="comment-head"><div class="comment-headline"><i class="fas fa-comments fa-fw"></i><span> Comment</span></div></div><div class="comment-wrap"><div><div class="vcomment" id="vcomment"></div></div></div></div></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="https://img.lovetao.top/img/202303152100335.jpg" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">戴涛</div><div class="author-info__description">虽平凡，但不甘于平凡</div></div><div class="card-info-data site-data is-center"><a href="/archives/"><div class="headline">Articles</div><div class="length-num">61</div></a><a href="/tags/"><div class="headline">Tags</div><div class="length-num">9</div></a><a href="/categories/"><div class="headline">Categories</div><div class="length-num">9</div></a></div><a id="card-info-btn" target="_blank" rel="noopener" href="https://github.com/xxxxxx"><i class="fab fa-github"></i><span>Follow Me</span></a><div class="card-info-social-icons is-center"><a class="social-icon" href="https://gitee.com/declan1" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="mailto:coder_tao@163.com" target="_blank" title="Email"><i class="fas fa-envelope"></i></a></div></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn fa-shake"></i><span>Announcement</span></div><div class="announcement_content">This is my Blog</div></div><div class="sticky_layout"><div class="card-widget" id="card-toc"><div class="item-headline"><i class="fas fa-stream"></i><span>Catalog</span><span class="toc-percentage"></span></div><div class="toc-content"><ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#HTTPS-RSA-%E6%8F%A1%E6%89%8B%E8%A7%A3%E6%9E%90"><span class="toc-number">1.</span> <span class="toc-text">HTTPS RSA 握手解析</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#%E4%B8%BA%E4%BB%80%E4%B9%88%E8%A6%81%E4%BD%BF%E7%94%A8HTTPS%E5%8D%8F%E8%AE%AE"><span class="toc-number">1.1.</span> <span class="toc-text">为什么要使用HTTPS协议</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#RSA-%E6%8F%A1%E6%89%8B%E8%BF%87%E7%A8%8B"><span class="toc-number">1.2.</span> <span class="toc-text">RSA 握手过程</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#TLS-%E7%AC%AC%E4%B8%80%E6%AC%A1%E6%8F%A1%E6%89%8B"><span class="toc-number">1.2.1.</span> <span class="toc-text">TLS 第一次握手</span></a></li><li class="toc-item toc-level-4"><a class="toc-link"><span class="toc-number">1.2.2.</span> <span class="toc-text"></span></a><ol class="toc-child"><li class="toc-item toc-level-5"><a class="toc-link" href="#%E9%9A%8F%E6%9C%BA%E6%95%B0%E6%9C%89%E5%95%A5%E7%94%A8"><span class="toc-number">1.2.2.1.</span> <span class="toc-text">随机数有啥用</span></a></li></ol></li><li class="toc-item toc-level-4"><a class="toc-link" href="#TLS-%E7%AC%AC%E4%B8%89%E6%AC%A1%E6%8F%A1%E6%89%8B"><span class="toc-number">1.2.3.</span> <span class="toc-text">TLS 第三次握手</span></a><ol class="toc-child"><li class="toc-item toc-level-5"><a class="toc-link" href="#%E5%AE%A2%E6%88%B7%E7%AB%AF%E9%AA%8C%E8%AF%81%E8%AF%81%E4%B9%A6"><span class="toc-number">1.2.3.1.</span> <span class="toc-text">客户端验证证书</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#%E6%95%B0%E5%AD%97%E8%AF%81%E4%B9%A6%E7%AD%BE%E5%8F%91%E5%92%8C%E9%AA%8C%E8%AF%81%E6%B5%81%E7%A8%8B"><span class="toc-number">1.2.3.2.</span> <span class="toc-text">数字证书签发和验证流程</span></a></li></ol></li><li class="toc-item toc-level-4"><a class="toc-link" href="#TLS-%E7%AC%AC%E5%9B%9B%E6%AC%A1%E6%8F%A1%E6%89%8B"><span class="toc-number">1.2.4.</span> <span class="toc-text">TLS 第四次握手</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#RSA-%E7%AE%97%E6%B3%95%E7%9A%84%E7%BC%BA%E9%99%B7"><span class="toc-number">1.3.</span> <span class="toc-text">RSA 算法的缺陷</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#HTTPS%E5%A6%82%E4%BD%95%E4%BC%98%E5%8C%96"><span class="toc-number">2.</span> <span class="toc-text">HTTPS如何优化</span></a></li></ol></div></div><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>Recent Post</span></div><div class="aside-list"><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2023/03/28/HTTP-1-1%E3%80%81HTTP-2%E3%80%81HTTP-3-%E6%BC%94%E5%8F%98/" title="HTTP/1.1、HTTP/2、HTTP/3 演变">HTTP/1.1、HTTP/2、HTTP/3 演变</a><time datetime="2023-03-28T15:30:00.000Z" title="Created 2023-03-28 23:30:00">2023-03-28</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2023/03/24/HTTPS-%E7%9A%84%E5%BA%94%E7%94%A8%E6%95%B0%E6%8D%AE%E6%98%AF%E5%A6%82%E4%BD%95%E4%BF%9D%E8%AF%81%E5%AE%8C%E6%95%B4%E6%80%A7%E7%9A%84%EF%BC%9F/" title="HTTPS 的应用数据是如何保证完整性的？">HTTPS 的应用数据是如何保证完整性的？</a><time datetime="2023-03-24T09:25:00.000Z" title="Created 2023-03-24 17:25:00">2023-03-24</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2023/03/24/HTTPS-%E6%98%AF%E5%A6%82%E4%BD%95%E5%BB%BA%E7%AB%8B%E8%BF%9E%E6%8E%A5%E7%9A%84%EF%BC%9F/" title="HTTPS 是如何建立连接的？">HTTPS 是如何建立连接的？</a><time datetime="2023-03-24T09:25:00.000Z" title="Created 2023-03-24 17:25:00">2023-03-24</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2023/03/24/HTTPS-%E4%B8%80%E5%AE%9A%E5%AE%89%E5%85%A8%E5%8F%AF%E9%9D%A0%E5%90%97%EF%BC%9F/" title="HTTPS 一定安全可靠吗？">HTTPS 一定安全可靠吗？</a><time datetime="2023-03-24T09:24:00.000Z" title="Created 2023-03-24 17:24:00">2023-03-24</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2023/03/23/%E5%AE%9E%E6%88%98/" title="实战">实战</a><time datetime="2023-03-23T13:52:00.000Z" title="Created 2023-03-23 21:52:00">2023-03-23</time></div></div></div></div></div></div></main><footer id="footer" style="background-image: url('https://img.lovetao.top/img/202303152113310.jpg')"><div id="footer-wrap"><div class="copyright">&copy;2020 - 2023 By 戴涛</div><div class="framework-info"><span>Framework </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>Theme </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="readmode" type="button" title="Read Mode"><i class="fas fa-book-open"></i></button><button id="darkmode" type="button" title="Switch Between Light And Dark Mode"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="Toggle between single-column and double-column"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="Setting"><i class="fas fa-cog fa-spin"></i></button><button class="close" id="mobile-toc-button" type="button" title="Table Of Contents"><i class="fas fa-list-ul"></i></button><a id="to_comment" href="#post-comment" title="Scroll To Comments"><i class="fas fa-comments"></i></a><button id="go-up" type="button" title="Back To Top"><span class="scroll-percent"></span><i class="fas fa-arrow-up"></i></button></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.min.js"></script><div class="js-pjax"><script>function loadValine () {
  function initValine () {
    const valine = new Valine(Object.assign({
      el: '#vcomment',
      appId: 'cEUNK0k7aOSrnE93yOEHT9io-gzGzoHsz',
      appKey: '3oME0qpmzHlf1QmZiMY9i8rs',
      avatar: 'declan',
      serverURLs: '',
      emojiMaps: "",
      path: window.location.pathname,
      visitor: false
    }, null))
  }

  if (typeof Valine === 'function') initValine() 
  else getScript('https://cdn.jsdelivr.net/npm/valine/dist/Valine.min.js').then(initValine)
}

if ('Valine' === 'Valine' || !false) {
  if (false) btf.loadComment(document.getElementById('vcomment'),loadValine)
  else setTimeout(loadValine, 0)
} else {
  function loadOtherComment () {
    loadValine()
  }
}</script></div><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div></body></html>